Allow libsepol C++ static library on device.
Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
1d71622a37
commit
ed7a6ba24a
@ -1575,7 +1575,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
|
||||
goto bad;
|
||||
}
|
||||
class_perm_node_init(perm);
|
||||
perm->class = i + 1;
|
||||
perm->tclass = i + 1;
|
||||
perm->data = datum->s.value;
|
||||
perm->next = avrule->perms;
|
||||
avrule->perms = perm;
|
||||
@ -1796,7 +1796,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
|
||||
goto out;
|
||||
}
|
||||
class_perm_node_init(cur_perms);
|
||||
cur_perms->class = i + 1;
|
||||
cur_perms->tclass = i + 1;
|
||||
if (!perms)
|
||||
perms = cur_perms;
|
||||
if (tail)
|
||||
|
@ -269,7 +269,7 @@ int display_avrule(avrule_t * avrule, policydb_t * policy,
|
||||
|
||||
cur = avrule->perms;
|
||||
while (cur) {
|
||||
display_id(policy, fp, SYM_CLASSES, cur->class - 1, "");
|
||||
display_id(policy, fp, SYM_CLASSES, cur->tclass - 1, "");
|
||||
cur = cur->next;
|
||||
}
|
||||
|
||||
@ -278,7 +278,7 @@ int display_avrule(avrule_t * avrule, policydb_t * policy,
|
||||
fprintf(fp, " ");
|
||||
|
||||
if (avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)) {
|
||||
render_access_mask(avrule->perms->data, avrule->perms->class,
|
||||
render_access_mask(avrule->perms->data, avrule->perms->tclass,
|
||||
policy, fp);
|
||||
} else if (avrule->specified & AVRULE_TYPE) {
|
||||
display_id(policy, fp, SYM_TYPES, avrule->perms->data - 1, "");
|
||||
|
@ -95,3 +95,14 @@ LOCAL_SHARED_LIBRARIES := libsepol
|
||||
LOCAL_MODULE_CLASS := EXECUTABLES
|
||||
|
||||
include $(BUILD_HOST_EXECUTABLE)
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_MODULE := libsepol
|
||||
LOCAL_MODULE_TAGES := optional
|
||||
LOCAL_C_INCLUDES := $(common_includes)
|
||||
LOCAL_CFLAGS := $(common_cflags)
|
||||
LOCAL_SRC_FILES := $(common_src_files)
|
||||
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
|
||||
|
||||
include $(BUILD_STATIC_LIBRARY)
|
||||
|
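Review bot: `LOCAL_MODULE_TAGES := optional` in the new static-library stanza looks like a misspelling of `LOCAL_MODULE_TAGS`. Make accepts an unknown variable name silently, so the tag is never applied and the module gets whatever the build system's default is. The line should read `LOCAL_MODULE_TAGS := optional`. The hand-set `LOCAL_MODULE_CLASS := STATIC_LIBRARIES` is presumably already implied by `include $(BUILD_STATIC_LIBRARY)` and may be redundant; confirm against the build system in use.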
@ -3,6 +3,9 @@
|
||||
|
||||
#include <stddef.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_bool;
|
||||
struct sepol_bool_key;
|
||||
@ -48,4 +51,5 @@ extern int sepol_bool_clone(sepol_handle_t * handle,
|
||||
|
||||
extern void sepol_bool_free(sepol_bool_t * boolean);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
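Review bot: The added `#include <sys/cdefs.h>` makes this public header depend on a non-standard libc header. `__BEGIN_DECLS`/`__END_DECLS` are provided by glibc, bionic and the BSDs, but a libc that does not ship `sys/cdefs.h` can no longer compile any consumer of the header. Spelling the linkage guard out keeps the C++ fix without that dependency. The same pattern is added to the other headers in this commit, so the point applies to each of them.

```c
#ifdef __cplusplus
extern "C" {
#endif

/* … unchanged: declarations of this header … */

#ifdef __cplusplus
}
#endif
```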
@ -5,6 +5,9 @@
|
||||
#include <sepol/policydb.h>
|
||||
#include <sepol/boolean_record.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*--------------compatibility--------------*/
|
||||
|
||||
@ -56,4 +59,5 @@ extern int sepol_bool_iterate(sepol_handle_t * handle,
|
||||
int (*fn) (const sepol_bool_t * boolean,
|
||||
void *fn_arg), void *arg);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -4,6 +4,9 @@
|
||||
#include <sepol/context_record.h>
|
||||
#include <sepol/policydb.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* -- Deprecated -- */
|
||||
|
||||
@ -22,4 +25,6 @@ extern int sepol_mls_contains(sepol_handle_t * handle,
|
||||
|
||||
extern int sepol_mls_check(sepol_handle_t * handle,
|
||||
const sepol_policydb_t * policydb, const char *mls);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -2,6 +2,9 @@
|
||||
#define _SEPOL_CONTEXT_RECORD_H_
|
||||
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_context;
|
||||
typedef struct sepol_context sepol_context_t;
|
||||
@ -50,4 +53,5 @@ extern int sepol_context_from_string(sepol_handle_t * handle,
|
||||
extern int sepol_context_to_string(sepol_handle_t * handle,
|
||||
const sepol_context_t * con, char **str_ptr);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -2,6 +2,9 @@
|
||||
#define _SEPOL_DEBUG_H_
|
||||
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* Deprecated */
|
||||
extern void sepol_debug(int on);
|
||||
@ -31,4 +34,6 @@ extern void sepol_msg_set_callback(sepol_handle_t * handle,
|
||||
handle,
|
||||
const char *fmt, ...),
|
||||
void *msg_callback_arg);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -4,6 +4,9 @@
|
||||
#define __sepol_errno_h__
|
||||
|
||||
#include <errno.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
#define SEPOL_OK 0
|
||||
|
||||
@ -22,4 +25,5 @@
|
||||
#define SEPOL_EEXIST -EEXIST
|
||||
#define SEPOL_ENOENT -ENOENT
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,6 +1,10 @@
|
||||
#ifndef _SEPOL_HANDLE_H_
|
||||
#define _SEPOL_HANDLE_H_
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_handle;
|
||||
typedef struct sepol_handle sepol_handle_t;
|
||||
|
||||
@ -31,4 +35,5 @@ int sepol_get_preserve_tunables(sepol_handle_t * sh);
|
||||
* 0 is default and discard such branch, 1 preserves them */
|
||||
void sepol_set_preserve_tunables(sepol_handle_t * sh, int preserve_tunables);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -3,6 +3,9 @@
|
||||
|
||||
#include <sepol/handle.h>
|
||||
#include <sepol/context_record.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_iface;
|
||||
struct sepol_iface_key;
|
||||
@ -56,4 +59,5 @@ extern int sepol_iface_clone(sepol_handle_t * handle,
|
||||
|
||||
extern void sepol_iface_free(sepol_iface_t * iface);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -4,6 +4,9 @@
|
||||
#include <sepol/policydb.h>
|
||||
#include <sepol/iface_record.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* Return the number of interfaces */
|
||||
extern int sepol_iface_count(sepol_handle_t * handle,
|
||||
@ -40,4 +43,5 @@ extern int sepol_iface_iterate(sepol_handle_t * handle,
|
||||
int (*fn) (const sepol_iface_t * iface,
|
||||
void *fn_arg), void *arg);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -7,6 +7,9 @@
|
||||
|
||||
#include <sepol/handle.h>
|
||||
#include <sepol/policydb.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_module_package;
|
||||
typedef struct sepol_module_package sepol_module_package_t;
|
||||
@ -79,4 +82,5 @@ extern int sepol_expand_module(sepol_handle_t * handle,
|
||||
sepol_policydb_t * base,
|
||||
sepol_policydb_t * out, int verbose, int check);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -4,6 +4,9 @@
|
||||
#include <stddef.h>
|
||||
#include <sepol/context_record.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_node;
|
||||
struct sepol_node_key;
|
||||
@ -89,4 +92,5 @@ extern int sepol_node_clone(sepol_handle_t * handle,
|
||||
|
||||
extern void sepol_node_free(sepol_node_t * node);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -4,6 +4,9 @@
|
||||
#include <sepol/handle.h>
|
||||
#include <sepol/policydb.h>
|
||||
#include <sepol/node_record.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* Return the number of nodes */
|
||||
extern int sepol_node_count(sepol_handle_t * handle,
|
||||
@ -37,4 +40,5 @@ extern int sepol_node_iterate(sepol_handle_t * handle,
|
||||
int (*fn) (const sepol_node_t * node,
|
||||
void *fn_arg), void *arg);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -5,6 +5,9 @@
|
||||
#include <stdio.h>
|
||||
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_policy_file;
|
||||
typedef struct sepol_policy_file sepol_policy_file_t;
|
||||
@ -141,4 +144,5 @@ extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
|
||||
*/
|
||||
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -21,6 +21,9 @@
|
||||
#define _SEPOL_AVRULE_BLOCK_H_
|
||||
|
||||
#include <sepol/policydb/policydb.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
extern avrule_block_t *avrule_block_create(void);
|
||||
extern void avrule_block_destroy(avrule_block_t * x);
|
||||
@ -34,4 +37,5 @@ extern cond_list_t *get_decl_cond_list(policydb_t * p,
|
||||
extern int is_id_enabled(char *id, policydb_t * p, int symbol_table);
|
||||
extern int is_perm_enabled(char *class_id, char *perm_id, policydb_t * p);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -40,9 +40,12 @@
|
||||
#ifndef _SEPOL_POLICYDB_AVTAB_H_
|
||||
#define _SEPOL_POLICYDB_AVTAB_H_
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
#include <sys/types.h>
|
||||
#include <stdint.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
typedef struct avtab_key {
|
||||
uint16_t source_type;
|
||||
uint16_t target_type;
|
||||
@ -123,6 +126,7 @@ extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);
|
||||
/* avtab_alloc uses one bucket per 2-4 elements, so adjust to get maximum buckets */
|
||||
#define MAX_AVTAB_SIZE (MAX_AVTAB_HASH_BUCKETS << 1)
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _AVTAB_H_ */
|
||||
|
||||
/* FLASK */
|
||||
|
@ -25,6 +25,9 @@
|
||||
#include <sepol/policydb/avtab.h>
|
||||
#include <sepol/policydb/symtab.h>
|
||||
#include <sepol/policydb/policydb.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
#define COND_EXPR_MAXDEPTH 10
|
||||
|
||||
@ -133,4 +136,5 @@ extern int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp);
|
||||
extern void cond_compute_av(avtab_t * ctab, avtab_key_t * key,
|
||||
struct sepol_av_decision *avd);
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _CONDITIONAL_H_ */
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
|
||||
/* FLASK */
|
||||
@ -23,6 +22,8 @@
|
||||
#include <sepol/policydb/ebitmap.h>
|
||||
#include <sepol/policydb/flask_types.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
#define CEXPR_MAXDEPTH 5
|
||||
|
||||
struct type_set;
|
||||
@ -72,6 +73,7 @@ struct policydb;
|
||||
extern int constraint_expr_init(constraint_expr_t * expr);
|
||||
extern void constraint_expr_destroy(constraint_expr_t * expr);
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _CONSTRAINT_H_ */
|
||||
|
||||
/* FLASK */
|
||||
|
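Review bot: `__BEGIN_DECLS` is used after the `<sepol/policydb/flask_types.h>` include, but this header never includes `<sys/cdefs.h>` itself; the second hunk adds only the macro line. The definition therefore arrives only transitively, presumably through `<sepol/policydb/ebitmap.h>`. Adding `#include <sys/cdefs.h>` beside the existing includes, as the other headers in this commit do, keeps the header correct if those includes change. The header that defines `context_cmp` has the same gap after its `<sepol/policydb/mls_types.h>` include.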
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
|
||||
/* FLASK */
|
||||
@ -23,6 +22,8 @@
|
||||
#include <sepol/policydb/ebitmap.h>
|
||||
#include <sepol/policydb/mls_types.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*
|
||||
* A security context consists of an authenticated user
|
||||
* identity, a role, a type and a MLS range.
|
||||
@ -94,4 +95,5 @@ static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
|
||||
(c1->type == c2->type) && mls_context_cmp(c1, c2));
|
||||
}
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
|
||||
/* FLASK */
|
||||
@ -20,6 +19,9 @@
|
||||
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
#define MAPTYPE uint64_t /* portion of bitmap in each node */
|
||||
#define MAPSIZE (sizeof(MAPTYPE) * 8) /* number of bits in node bitmap */
|
||||
@ -89,6 +91,7 @@ extern int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value);
|
||||
extern void ebitmap_destroy(ebitmap_t * e);
|
||||
extern int ebitmap_read(ebitmap_t * e, void *fp);
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _EBITMAP_H_ */
|
||||
|
||||
/* FLASK */
|
||||
|
@ -28,6 +28,9 @@
|
||||
#include <stddef.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sepol/policydb/conditional.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*
|
||||
* Expand only the avrules for a module. It is valid for this function
|
||||
@ -76,4 +79,5 @@ extern int expand_avtab(policydb_t * p, avtab_t * a, avtab_t * expa);
|
||||
extern int expand_cond_av_list(policydb_t * p, cond_av_list_t * l,
|
||||
cond_av_list_t ** newl, avtab_t * expa);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* -*- linux-c -*- */
|
||||
|
||||
/*
|
||||
@ -14,6 +13,9 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdint.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*
|
||||
* A security context is a set of security attributes
|
||||
@ -59,4 +61,5 @@ struct sepol_av_decision {
|
||||
uint32_t seqno;
|
||||
};
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
|
||||
/* FLASK */
|
||||
@ -18,6 +17,9 @@
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
typedef char *hashtab_key_t; /* generic key type */
|
||||
typedef void *hashtab_datum_t; /* generic datum type */
|
||||
@ -134,4 +136,5 @@ extern void hashtab_map_remove_on_error(hashtab_t h,
|
||||
|
||||
extern void hashtab_hash_eval(hashtab_t h, char *tag);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -26,7 +26,11 @@
|
||||
#define _SEPOL_POLICYDB_HIERARCHY_H_
|
||||
|
||||
#include <sepol/policydb/policydb.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
extern int hierarchy_check_constraints(sepol_handle_t * handle, policydb_t * p);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -12,9 +12,13 @@
|
||||
|
||||
|
||||
#include <stddef.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
extern int link_modules(sepol_handle_t * handle,
|
||||
policydb_t * b, policydb_t ** mods, int len,
|
||||
int verbose);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
/*
|
||||
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
||||
@ -35,6 +34,9 @@
|
||||
#include <stdlib.h>
|
||||
#include <sepol/policydb/ebitmap.h>
|
||||
#include <sepol/policydb/flask_types.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
typedef struct mls_level {
|
||||
uint32_t sens; /* sensitivity */
|
||||
@ -150,4 +152,5 @@ extern void mls_semantic_range_init(mls_semantic_range_t *r);
|
||||
extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
|
||||
extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -27,9 +27,12 @@
|
||||
|
||||
#include <sepol/policydb/policydb.h>
|
||||
#include <sepol/policydb/conditional.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
#define SEPOL_MODULE_PACKAGE_MAGIC 0xf97cff8f
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_module_package {
|
||||
sepol_policydb_t *policy;
|
||||
uint32_t version;
|
||||
@ -45,4 +48,5 @@ struct sepol_module_package {
|
||||
|
||||
extern int sepol_module_package_init(sepol_module_package_t * p);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,6 +1,10 @@
|
||||
#ifndef _SEPOL_POLICYDB_POLCAPS_H_
|
||||
#define _SEPOL_POLICYDB_POLCAPS_H_
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* Policy capabilities */
|
||||
enum {
|
||||
POLICYDB_CAPABILITY_NETPEER,
|
||||
@ -17,4 +21,5 @@ extern int sepol_polcap_getnum(const char *name);
|
||||
/* Convert a capability number to name. */
|
||||
extern const char *sepol_polcap_getname(int capnum);
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _SEPOL_POLICYDB_POLCAPS_H_ */
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
|
||||
/*
|
||||
@ -62,6 +61,7 @@
|
||||
#include <sepol/policydb/context.h>
|
||||
#include <sepol/policydb/constraint.h>
|
||||
#include <sepol/policydb/sidtab.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
#define ERRMSG_LEN 1024
|
||||
|
||||
@ -69,6 +69,8 @@
|
||||
#define POLICYDB_ERROR -1
|
||||
#define POLICYDB_UNSUPPORTED -2
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*
|
||||
* A datum type is defined for each kind of symbol
|
||||
* in the configuration data: individual permissions,
|
||||
@ -234,7 +236,7 @@ typedef struct cond_node cond_list_t;
|
||||
struct cond_av_list;
|
||||
|
||||
typedef struct class_perm_node {
|
||||
uint32_t class;
|
||||
uint32_t tclass;
|
||||
uint32_t data; /* permissions or new type */
|
||||
struct class_perm_node *next;
|
||||
} class_perm_node_t;
|
||||
@ -742,7 +744,7 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
|
||||
#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC
|
||||
#define POLICYDB_MOD_STRING "SE Linux Module"
|
||||
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _POLICYDB_H_ */
|
||||
|
||||
/* FLASK */
|
||||
|
@ -15,6 +15,9 @@
|
||||
#include <sepol/policydb/flask_types.h>
|
||||
#include <sepol/policydb/policydb.h>
|
||||
#include <stddef.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* Set the policydb and sidtab structures to be used by
|
||||
the service functions. If not set, then these default
|
||||
@ -227,4 +230,5 @@ extern int sepol_genfs_sid(const char *fstype, /* IN */
|
||||
sepol_security_class_t sclass, /* IN */
|
||||
sepol_security_id_t * sid); /* OUT */
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||
|
||||
/* FLASK */
|
||||
@ -12,6 +11,9 @@
|
||||
#define _SEPOL_POLICYDB_SIDTAB_H_
|
||||
|
||||
#include <sepol/policydb/context.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
typedef struct sidtab_node {
|
||||
sepol_security_id_t sid; /* security identifier */
|
||||
@ -67,6 +69,7 @@ extern void sepol_sidtab_set(sidtab_t * dst, sidtab_t * src);
|
||||
|
||||
extern void sepol_sidtab_shutdown(sidtab_t * s);
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _SIDTAB_H_ */
|
||||
|
||||
/* FLASK */
|
||||
|
@ -14,6 +14,9 @@
|
||||
#define _SEPOL_POLICYDB_SYMTAB_H_
|
||||
|
||||
#include <sepol/policydb/hashtab.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* The symtab_datum struct stores the common information for
|
||||
* all symtab datums. It should the first element in every
|
||||
@ -34,6 +37,7 @@ typedef struct {
|
||||
extern int symtab_init(symtab_t *, unsigned int size);
|
||||
extern void symtab_destroy(symtab_t *);
|
||||
|
||||
__END_DECLS
|
||||
#endif /* _SYMTAB_H_ */
|
||||
|
||||
/* FLASK */
|
||||
|
@ -23,9 +23,14 @@
|
||||
#ifndef __SEPOL_UTIL_H__
|
||||
#define __SEPOL_UTIL_H__
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
extern int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a);
|
||||
|
||||
extern char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
|
||||
sepol_access_vector_t av);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
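Review bot: The only include visible in this header is the new `<sys/cdefs.h>`, yet the declarations use `uint32_t`, `policydb_t` and `sepol_access_vector_t`, so it compiles only if the includer has already pulled those in. Since the include list is being touched anyway, `#include <stdint.h>` and `#include <sepol/policydb/policydb.h>` would make it self-contained. Lines above the `#ifndef` are outside the hunk, so confirm nothing there already covers it. The `_SEPOL_ROLES_H_` header, shown from line 1, has the same problem with `sepol_policydb_t`.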
@ -3,6 +3,9 @@
|
||||
|
||||
#include <sepol/context_record.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_port;
|
||||
struct sepol_port_key;
|
||||
@ -63,4 +66,5 @@ extern int sepol_port_clone(sepol_handle_t * handle,
|
||||
|
||||
extern void sepol_port_free(sepol_port_t * port);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -4,6 +4,9 @@
|
||||
#include <sepol/handle.h>
|
||||
#include <sepol/policydb.h>
|
||||
#include <sepol/port_record.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/* Return the number of ports */
|
||||
extern int sepol_port_count(sepol_handle_t * handle,
|
||||
@ -37,4 +40,5 @@ extern int sepol_port_iterate(sepol_handle_t * handle,
|
||||
int (*fn) (const sepol_port_t * port,
|
||||
void *fn_arg), void *arg);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -1,10 +1,15 @@
|
||||
#ifndef _SEPOL_ROLES_H_
|
||||
#define _SEPOL_ROLES_H_
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
extern int sepol_role_exists(const sepol_policydb_t * policydb,
|
||||
const char *role, int *response);
|
||||
|
||||
extern int sepol_role_list(const sepol_policydb_t * policydb,
|
||||
char ***roles, unsigned int *nroles);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -3,6 +3,9 @@
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
#include <sepol/user_record.h>
|
||||
#include <sepol/context_record.h>
|
||||
@ -25,4 +28,5 @@
|
||||
/* Set internal policydb from a file for subsequent service calls. */
|
||||
extern int sepol_set_policydb_from_file(FILE * fp);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
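Review bot: `__BEGIN_DECLS` is opened before `#include <sepol/user_record.h>` and `#include <sepol/context_record.h>`, so every header pulled in below it is parsed inside the `extern "C"` region when compiled as C++. Those headers carry their own guards after this commit, and any system header they include would also be given C linkage. Moving `__BEGIN_DECLS` below the last `#include` of this header avoids that. The remaining includes sit between the two hunks and are not visible here.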
@ -3,6 +3,9 @@
|
||||
|
||||
#include <stddef.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
struct sepol_user;
|
||||
struct sepol_user_key;
|
||||
@ -73,4 +76,5 @@ extern int sepol_user_clone(sepol_handle_t * handle,
|
||||
|
||||
extern void sepol_user_free(sepol_user_t * user);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -5,6 +5,9 @@
|
||||
#include <sepol/user_record.h>
|
||||
#include <sepol/handle.h>
|
||||
#include <stddef.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*---------compatibility------------*/
|
||||
|
||||
@ -54,4 +57,5 @@ extern int sepol_user_iterate(sepol_handle_t * handle,
|
||||
int (*fn) (const sepol_user_t * user,
|
||||
void *fn_arg), void *arg);
|
||||
|
||||
__END_DECLS
|
||||
#endif
|
||||
|
@ -38,22 +38,22 @@ static void report_failure(sepol_handle_t *handle, policydb_t *p,
|
||||
avrule->source_line, avrule->source_filename, avrule->line,
|
||||
p->p_type_val_to_name[stype],
|
||||
p->p_type_val_to_name[ttype],
|
||||
p->p_class_val_to_name[curperm->class - 1],
|
||||
sepol_av_to_string(p, curperm->class,
|
||||
p->p_class_val_to_name[curperm->tclass - 1],
|
||||
sepol_av_to_string(p, curperm->tclass,
|
||||
node->datum.data & curperm->data));
|
||||
} else if (avrule->line) {
|
||||
ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",
|
||||
avrule->line, p->p_type_val_to_name[stype],
|
||||
p->p_type_val_to_name[ttype],
|
||||
p->p_class_val_to_name[curperm->class - 1],
|
||||
sepol_av_to_string(p, curperm->class,
|
||||
p->p_class_val_to_name[curperm->tclass - 1],
|
||||
sepol_av_to_string(p, curperm->tclass,
|
||||
node->datum.data & curperm->data));
|
||||
} else {
|
||||
ERR(handle, "neverallow violated by allow %s %s:%s {%s };",
|
||||
p->p_type_val_to_name[stype],
|
||||
p->p_type_val_to_name[ttype],
|
||||
p->p_class_val_to_name[curperm->class - 1],
|
||||
sepol_av_to_string(p, curperm->class,
|
||||
p->p_class_val_to_name[curperm->tclass - 1],
|
||||
sepol_av_to_string(p, curperm->tclass,
|
||||
node->datum.data & curperm->data));
|
||||
}
|
||||
}
|
||||
@ -72,7 +72,7 @@ static unsigned long check_assertion_helper(sepol_handle_t * handle,
|
||||
for (curperm = avrule->perms; curperm != NULL; curperm = curperm->next) {
|
||||
avkey.source_type = stype + 1;
|
||||
avkey.target_type = ttype + 1;
|
||||
avkey.target_class = curperm->class;
|
||||
avkey.target_class = curperm->tclass;
|
||||
avkey.specified = AVTAB_ALLOWED;
|
||||
for (node = avtab_search_node(te_avtab, &avkey);
|
||||
node != NULL;
|
||||
|
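Review bot: In report_failure the result of `sepol_av_to_string(p, curperm->tclass, ...)` is passed straight to a `%s` conversion in all three `ERR` calls, whereas avrule_to_cil in this same commit checks that call for `NULL`. If the call can fail here too, formatting a null pointer with `%s` is undefined behaviour. Fetching the string once before the `if` chain covers all three branches: `char *perms = sepol_av_to_string(p, curperm->tclass, node->datum.data & curperm->data);` followed by `if (!perms) perms = "<unknown>";`. The start of report_failure is outside the hunk.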
@ -1679,7 +1679,7 @@ static int expand_terule_helper(sepol_handle_t * handle,
|
||||
typemap ? typemap[cur->data - 1] : cur->data;
|
||||
avkey.source_type = stype + 1;
|
||||
avkey.target_type = ttype + 1;
|
||||
avkey.target_class = cur->class;
|
||||
avkey.target_class = cur->tclass;
|
||||
avkey.specified = spec;
|
||||
|
||||
conflict = 0;
|
||||
@ -1791,7 +1791,7 @@ static int expand_avrule_helper(sepol_handle_t * handle,
|
||||
while (cur) {
|
||||
avkey.source_type = stype + 1;
|
||||
avkey.target_type = ttype + 1;
|
||||
avkey.target_class = cur->class;
|
||||
avkey.target_class = cur->tclass;
|
||||
avkey.specified = spec;
|
||||
|
||||
node = find_avtab_node(handle, avtab, &avkey, cond);
|
||||
@ -2574,8 +2574,8 @@ static int copy_neverallow(policydb_t * dest_pol, uint32_t * typemap,
|
||||
if (!new_perm)
|
||||
goto err;
|
||||
class_perm_node_init(new_perm);
|
||||
new_perm->class = cur_perm->class;
|
||||
assert(new_perm->class);
|
||||
new_perm->tclass = cur_perm->tclass;
|
||||
assert(new_perm->tclass);
|
||||
|
||||
/* once we have modules with permissions we'll need to map the permissions (and classes) */
|
||||
new_perm->data = cur_perm->data;
|
||||
|
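Review bot: In copy_neverallow, `assert(new_perm->tclass);` is the only check that the copied class value is non-zero, and it disappears in builds that define `NDEBUG`. Other code in this commit indexes arrays with `tclass - 1`, so a zero would wrap to a huge index instead of failing cleanly. The function already has an error path, so `if (!new_perm->tclass) goto err;` keeps the check in release builds; whether `new_perm` is released on that path is not visible in the hunk. copy_avrule_list has the same `assert(new_perm->tclass);`, placed after `module->map[SYM_CLASSES]` has already been indexed with `cur_perm->tclass - 1`.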
@ -1293,21 +1293,21 @@ static int copy_avrule_list(avrule_t * list, avrule_t ** dst,
|
||||
}
|
||||
class_perm_node_init(new_perm);
|
||||
|
||||
new_perm->class =
|
||||
module->map[SYM_CLASSES][cur_perm->class - 1];
|
||||
assert(new_perm->class);
|
||||
new_perm->tclass =
|
||||
module->map[SYM_CLASSES][cur_perm->tclass - 1];
|
||||
assert(new_perm->tclass);
|
||||
|
||||
if (new_rule->specified & AVRULE_AV) {
|
||||
for (i = 0;
|
||||
i <
|
||||
module->perm_map_len[cur_perm->class - 1];
|
||||
module->perm_map_len[cur_perm->tclass - 1];
|
||||
i++) {
|
||||
if (!(cur_perm->data & (1U << i)))
|
||||
continue;
|
||||
new_perm->data |=
|
||||
(1U <<
|
||||
(module->
|
||||
perm_map[cur_perm->class - 1][i] -
|
||||
perm_map[cur_perm->tclass - 1][i] -
|
||||
1));
|
||||
}
|
||||
} else {
|
||||
|
@ -3039,7 +3039,7 @@ static avrule_t *avrule_read(policydb_t * p
|
||||
goto bad;
|
||||
}
|
||||
|
||||
cur->class = le32_to_cpu(buf[0]);
|
||||
cur->tclass = le32_to_cpu(buf[0]);
|
||||
cur->data = le32_to_cpu(buf[1]);
|
||||
|
||||
if (!tail) {
|
||||
|
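Review bot: `cur->tclass = le32_to_cpu(buf[0]);` stores a value read from the policy image with no range check visible in this hunk. Other code in this commit uses it as an array index (`p->p_class_val_to_name[curperm->tclass - 1]`, `module->map[SYM_CLASSES][cur_perm->tclass - 1]`), so a zero or oversized class value would cause out-of-bounds reads there unless it is validated elsewhere. If it is not, a check next to the assignment such as `if (!cur->tclass || cur->tclass > p->p_classes.nprim) goto bad;` rejects the file at load time. Confirm that the class symbol table is populated before avrules are read; the rest of avrule_read is outside the hunk.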
@ -1514,7 +1514,7 @@ static int avrule_write(avrule_t * avrule, struct policy_file *fp)
|
||||
cur = avrule->perms;
|
||||
while (cur) {
|
||||
items = 0;
|
||||
buf[items++] = cpu_to_le32(cur->class);
|
||||
buf[items++] = cpu_to_le32(cur->tclass);
|
||||
buf[items++] = cpu_to_le32(cur->data);
|
||||
items2 = put_entry(buf, sizeof(uint32_t), items, fp);
|
||||
if (items2 != items)
|
||||
|
@ -538,7 +538,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
|
||||
|
||||
for (classperm = classperms; classperm != NULL; classperm = classperm->next) {
|
||||
if (type & AVRULE_AV) {
|
||||
perms = sepol_av_to_string(pdb, classperm->class, classperm->data);
|
||||
perms = sepol_av_to_string(pdb, classperm->tclass, classperm->data);
|
||||
if (perms == NULL) {
|
||||
log_err("Failed to generate permission string");
|
||||
rc = -1;
|
||||
@ -546,12 +546,12 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
|
||||
}
|
||||
cil_println(indent, "(%s %s %s (%s (%s)))",
|
||||
rule, src, tgt,
|
||||
pdb->p_class_val_to_name[classperm->class - 1],
|
||||
pdb->p_class_val_to_name[classperm->tclass - 1],
|
||||
perms + 1);
|
||||
} else {
|
||||
cil_println(indent, "(%s %s %s %s %s)",
|
||||
rule, src, tgt,
|
||||
pdb->p_class_val_to_name[classperm->class - 1],
|
||||
pdb->p_class_val_to_name[classperm->tclass - 1],
|
||||
pdb->p_type_val_to_name[classperm->data - 1]);
|
||||
}
|
||||
}
|
||||
|